V
Virus Guy
http://www.bbc.co.uk/news/technology-16627713
19 January 2012 Last updated at 06:47 ET
McAfee tackles 'spam hijack' flaw in anti-malware code
A leading anti-virus software firm says a flaw in one of its programs
has exposed its customers' computers to the risk of being hijacked by
spammers. McAfee said it planned to release a patch for its SaaS for
Total Protection service by the end of Thursday. The software is
marketed as a "peace of mind" solution offering "complete email and web
protection".
McAfee said there had been at least one related attack, but stressed
that users' data had not been put at risk.
The problem was exposed on British art firm Kaamar Limited's blog
earlier this week. Keith and Annabel Morrigan posted a warning to other
owners of the product after receiving a message alerting them to the
fact that their server had been sending out spam emails.
They said that further research had revealed their computer had been
sending out the equivalent of what would have been 10 months' worth of
normal traffic in one day. After linking the botnet attack to a problem
with their anti-malware software's "Rumor Service" they said that they
had alerted McAfee to the problem on 5 January.
The owners of the Staffordshire-based business noted that their email
address had been flagged up as a threat as a consequence of the attack,
meaning that even their legitimate messages were now being blocked from
delivery.
"As an ultimate insult, even McAfee, whose software is at the root of
our problems, now rate our email IP as 'High Risk': we can't email them
as they have blacklisted us!" they wrote.
Alternative products
McAfee's director of security research, David Marcus, confirmed the
problem with the firm's software on the firm's blog on Wednesday. He
acknowledged "a misuse of our 'rumor' technology to allow an attacker to
use an affected machine as an 'open relay', which could be used to send
spam".
"The... issue has been used to allow spammers to bounce off of affected
machines, resulting in an increase of outgoing email from them. Although
this issue can allow the relaying of spam, it does not give access to
the data of an affected machine. "The forthcoming patch will close this
relay capability."
Computer security experts said that the affair should not dissuade
computer users from installing protection software.
"It is very unusual for products such as those from McAfee to have a
security flaw, and the knowledge necessary to exploit such a flaw is
rarer still. So, people should use products like this as otherwise you
lay yourself open to far more likely attacks," said Prof Alan Woodward
from the University of Surrey's Department of Computing.
"There is an argument being expressed in the community of late that very
popular products are more likely to be examined by hackers for flaws as
any flaw would then give access to a high number of machines. But, using
less well-known products means you do not necessarily have access to the
same depth of expertise or the infrastructure available from the bigger
brands."
19 January 2012 Last updated at 06:47 ET
McAfee tackles 'spam hijack' flaw in anti-malware code
A leading anti-virus software firm says a flaw in one of its programs
has exposed its customers' computers to the risk of being hijacked by
spammers. McAfee said it planned to release a patch for its SaaS for
Total Protection service by the end of Thursday. The software is
marketed as a "peace of mind" solution offering "complete email and web
protection".
McAfee said there had been at least one related attack, but stressed
that users' data had not been put at risk.
The problem was exposed on British art firm Kaamar Limited's blog
earlier this week. Keith and Annabel Morrigan posted a warning to other
owners of the product after receiving a message alerting them to the
fact that their server had been sending out spam emails.
They said that further research had revealed their computer had been
sending out the equivalent of what would have been 10 months' worth of
normal traffic in one day. After linking the botnet attack to a problem
with their anti-malware software's "Rumor Service" they said that they
had alerted McAfee to the problem on 5 January.
The owners of the Staffordshire-based business noted that their email
address had been flagged up as a threat as a consequence of the attack,
meaning that even their legitimate messages were now being blocked from
delivery.
"As an ultimate insult, even McAfee, whose software is at the root of
our problems, now rate our email IP as 'High Risk': we can't email them
as they have blacklisted us!" they wrote.
Alternative products
McAfee's director of security research, David Marcus, confirmed the
problem with the firm's software on the firm's blog on Wednesday. He
acknowledged "a misuse of our 'rumor' technology to allow an attacker to
use an affected machine as an 'open relay', which could be used to send
spam".
"The... issue has been used to allow spammers to bounce off of affected
machines, resulting in an increase of outgoing email from them. Although
this issue can allow the relaying of spam, it does not give access to
the data of an affected machine. "The forthcoming patch will close this
relay capability."
Computer security experts said that the affair should not dissuade
computer users from installing protection software.
"It is very unusual for products such as those from McAfee to have a
security flaw, and the knowledge necessary to exploit such a flaw is
rarer still. So, people should use products like this as otherwise you
lay yourself open to far more likely attacks," said Prof Alan Woodward
from the University of Surrey's Department of Computing.
"There is an argument being expressed in the community of late that very
popular products are more likely to be examined by hackers for flaws as
any flaw would then give access to a high number of machines. But, using
less well-known products means you do not necessarily have access to the
same depth of expertise or the infrastructure available from the bigger
brands."